From fa0e9ccc746b8b923e43bd4c23dee285e52ea467 Mon Sep 17 00:00:00 2001
From: Guanran Wang <guanran928@outlook.com>
Date: Mon, 25 Dec 2023 21:03:49 +0800
Subject: [PATCH] nixos: core: use sudo-rs

---
 nixos/profiles/core/hardening/default.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/nixos/profiles/core/hardening/default.nix b/nixos/profiles/core/hardening/default.nix
index 2c589a0..b7a5438 100644
--- a/nixos/profiles/core/hardening/default.nix
+++ b/nixos/profiles/core/hardening/default.nix
@@ -8,7 +8,8 @@
 
   environment.etc.machine-id.text = "b08dfa6083e7567a1921a715000001fb"; # whonix id
   security.apparmor.enable = true;
-  security.sudo.execWheelOnly = true;
+  security.sudo-rs.enable = true;
+  security.sudo-rs.execWheelOnly = true;
 
   boot.blacklistedKernelModules = [
     # Obscure network protocols